Excel User Conference: What to look for in a dodgy spreadsheet

Share this content
6

Simon Hurst reports on the first day of the Excel User Conference taking place in Cambridge.

By now, most Excel users should be aware of the potential dangers inherent in inappropriately used spreadsheets. But what is the likely impact of an over-complex formula buried in a worksheet used at a nuclear power station?

That was one of the scary scenarios revealed by leading European spreadsheet audit expert Patrick O'Beirne at the Excel Users Conference in Cambridge this week. In his talk on Thursday morning, O'Beirne thoroughly frightened the audience by showing some of the things that can go wrong.

As well as the nuclear spreadsheet, O'Bierne cited other horrors including the 1m error discovered by Customs auditors in a company's VAT calculations, and a model containi...

Please Login or Register to read the full article

Replies

Please login or register to join the discussion.

avatar
30th Nov 2007 14:31

Why?
If spreadsheets are such potentially dangerous beasts - nothing new there - I've been banging that drum for 10+ years - why do professionals still insist on using them for business critical applications? Madness.

Thanks (0)
avatar
By Anonymous
01st Dec 2007 06:38

Does using Excel invalidate your PI ..............
Agree completely with Dennis

However, this area does raise an interesting question. If despite all the warnings members of the profession continue to use spreadsheets for overly complex or critical applications then what is the position with their PI (Professional Indemnity) Insurance.

We were always given to understand that insurance of any kind was to cover/indemnify in the case of unforeseen circumstances and not to underwrite those who knowingly adopt risky practices

Therefore does this mean that those using spreadsheets in these circumstances have forfeited their PI cover?

Thanks (0)
avatar
04th Dec 2007 13:24

Security breach
Having credit card numbers in a spreadsheet, unless you are just showing which card was used for an expense claim, is surely a security cockup ?

Customer payments should be handled by a Merchant Services 'black box' which does not leak sensitive data.

In any case, isn't the final digit just a check digit which could be recalculated if required ?

Thanks (0)
avatar
05th Dec 2007 08:42

I love terms like
"business critical" and "black-box". These are good examples of magic words which people use to hide their ignorance!

I guess it is compounding the crass stupidity of putting a credit card number into an Excel worksheet, by using a format not capable of actually storing it.

I have been banging on about the joys of combining Access and Excel for reporting purposes for far too many moons, so its good to hear of a kindred spirit.

BTW I bet most users are not aware of the potential dangers inherent in spreadsheets, whether inappropriately used or not.

Thanks (0)
avatar
09th Dec 2007 10:30

Terminology
How exactly does using the term 'black box' show ignorance ?

I am using in the sense described by e.g.the Merriam-Webster online dictionary:
"1: a usually complicated electronic device that functions and is packaged as a unit and whose internal mechanism is usually hidden from or mysterious to the user; "

Surely once the transaction has been authorised by the credit card system, there is only need to retain the authorisation code, although I must confess to not having written software to talk to the c-c servers.

Are you saying from experience, that interfacing to a credit card system is a messy process that requires you to be aware of all kinds of internal complexities ?

Thanks (0)
avatar
By Anonymous
10th Dec 2007 08:04

Card processing ....
'Black Box' is a valid testing term - one doesn't care what goes on inside the routine just that it provides the correct solution on pre-defined input parameters

Now-a-days the card interface can be very simple (per example below), although a lot depends upon the eventual goal (repeat monthly billing etc)

WorldPay example - http://support.worldpay.com/examples/body.html

i.e. - form action="https://select.worldpay.com/wcc/purchase" name="BuyForm" method="POST"
(a simple one liner once the parameters have been entered)

(SecPay & other card processors have a similar method)

Under normal circumstances card details should not be held anywhere other than on the providers servers - any other approach is a greater risk

Thanks (0)